Referenced CVEs: 
CAN-2005-2700, CAN-2005-2728
Description: 
===========================================================
Ubuntu Security Notice USN-177-1         September 07, 2005
apache2, libapache-mod-ssl vulnerabilities
CAN-2005-2700, CAN-2005-2728
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker
libapache-mod-ssl

The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.8 (for Ubuntu 4.10), or 2.0.53-5ubuntu5.3 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Apache did not honour the "SSLVerifyClient require" directive within a <Location> block if the surrounding <VirtualHost> block contained a directive "SSLVerifyClient optional". This allowed clients to bypass client certificate validation on servers with the above configuration. (CAN-2005-2700)

Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server. (CAN-2005-2728)

The updated libapache-mod-ssl also fixes two older Denial of Service vulnerabilities: A format string error in the ssl_log() function which could be exploited to crash the server (CAN-2004-0700), and a flaw in the SSL cipher negotiation which could be exploited to terminate a session (CAN-2004-0885).

Please note that Apache 1.3 and libapache-mod-ssl are not officially supported (they are in the "universe" component of the Ubuntu archive).
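
To find servers whose configuration matches the CAN-2005-2700 description above, the following added example (not part of the advisory or of Apache) scans configuration text for a <VirtualHost> that sets "SSLVerifyClient optional" and contains a <Location> that sets "SSLVerifyClient require". The function name and the sample configuration are constructed for illustration, and the check assumes the configuration is passed in as a single string.

```python
import re

SECTION_OPEN = re.compile(r"^<\s*(\w+)\s*([^>]*)>$")
SECTION_CLOSE = re.compile(r"^</\s*(\w+)\s*>$")
VERIFY = re.compile(r"^SSLVerifyClient\s+(\S+)", re.IGNORECASE)

# Constructed sample: only the first VirtualHost matches the advisory's pattern.
SAMPLE = """
<VirtualHost *:443>
    SSLVerifyClient optional
    <Location /secure>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    SSLVerifyClient require
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""


def find_affected_locations(config_text):
    """Return (vhost, location) pairs where the VirtualHost sets
    'SSLVerifyClient optional' and a nested <Location> sets 'require'.
    Hypothetical helper; does not follow Include directives."""
    stack, findings = [], []          # stack holds (section name, argument)
    vhost_mode, requires = None, []   # state for the VirtualHost being read
    for raw in config_text.splitlines():
        line = raw.strip()
        opened, verify = SECTION_OPEN.match(line), VERIFY.match(line)
        if SECTION_CLOSE.match(line):
            name, arg = stack.pop() if stack else ("", "")
            if name == "virtualhost":
                # Decide at close: the directive may follow the <Location>.
                if vhost_mode == "optional":
                    findings += [(arg, loc) for loc in requires]
                vhost_mode, requires = None, []
        elif opened:
            stack.append((opened.group(1).lower(), opened.group(2).strip().strip('"')))
        elif verify:
            names, mode = [n for n, _ in stack], verify.group(1).lower()
            if names == ["virtualhost"]:
                vhost_mode = mode
            elif names == ["virtualhost", "location"] and mode == "require":
                requires.append(stack[-1][1])
    return findings
```

A match means the configuration relies on the behaviour the advisory describes; whether the host is still exposed depends on the installed package version listed above.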